Saturday, January 29, 2011

Strategy to allow emergency access to colocation crew

I'm setting up a server at a new colocation center halfway around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them.

However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login.

In some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings.

  • Should I even bother worrying about that?
  • Should I set up a sudoer account with a one-time password that will change if I ever use it?
  • Is there a common strategy for handling something like this?

  • Well, a lot will obviously depend on the specifics of the case, but you should keep in mind that with physical access to the machine, they can practically do anything they want anyway.

    The common solution for this is to give them a dedicated maintenance account that has root rights via sudo. Then you can give them the pw when you want them to have root access. If you want to take away root access, just change the pw on the maintenance account.

    At any rate you can configure SSH to only allow key-based logins. Then the maintenance account + pw would only be usable for logins at the physical console (even if it is enabled), further restricting the access to the system (if you want to).

    Ryaner : We do this and it works well. You can add command logging to the maintenance account too if you really want to look and see what has been done.
    From sleske
  • You should buy an option for access via IP-KVM. You will have access to everything, including single-user mode and BIOS.

    kbyrd : How does that solve the security issues in the original question?
    minaev : Actually, it does not eliminate them completely (sleske is absolutely right here, physical access makes all precautions useless), but mitigates them to an acceptable level, when you know for sure that nobody besides you has any right to log in. Any attempt to log in is an intrusion.
    From minaev
  • We have a similar setup for some external boxes. We keep the root password secret and only give it out when it's needed; when done, we change it. We do not allow root logins via ssh, so the password is only relevant when you have physical access.

    From rkthkr
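The scheme sleske and rkthkr describe (a dedicated sudo-capable maintenance account whose password is only handed out when needed, with sshd refusing password logins so that password is useless except at the console) comes down to a few lines of configuration. The script below is an added example, not code from the thread or from any of the posters. It assumes a Debian-style layout with `/etc/sudoers.d` and an `Include`d `/etc/ssh/sshd_config.d` (OpenSSH 8.2 or newer), and the account name `colo-maint` is a placeholder. It stages the fragments into a directory of your choice rather than writing to `/etc` directly, and includes a checker for the key-only sshd settings.

```shell
#!/bin/sh
# Added example (not from the original thread): stage the config for a
# "maintenance account + key-only SSH" setup and verify an sshd config for it.
# Assumptions: Debian-style /etc/sudoers.d and /etc/ssh/sshd_config.d; the
# account name "colo-maint" is a placeholder.

MAINT_USER="colo-maint"

# Create the account (requires root; run this on the server, not as a test).
# The password is left locked; unlock with "passwd colo-maint" when a technician
# needs console access and lock it again with "passwd -l colo-maint" afterwards.
create_maintenance_account() {
    useradd --create-home --shell /bin/bash "$MAINT_USER"
    passwd -l "$MAINT_USER"
}

# Write the sudoers fragment into directory $1. Full root via sudo, but only
# after entering the account's own password (no NOPASSWD), so the password you
# hand out is the single thing that grants root. Validate on the server with
# "visudo -c -f /etc/sudoers.d/colo-maint" before relying on it.
write_sudoers_fragment() {
    dir="$1"
    printf '%s ALL=(ALL:ALL) ALL\n' "$MAINT_USER" > "$dir/$MAINT_USER"
    chmod 0440 "$dir/$MAINT_USER"
}

# Write the sshd drop-in into directory $1: no password or keyboard-interactive
# logins at all, and no root over SSH even with a key-free password. With this
# in place the maintenance password only works at the physical console.
write_sshd_fragment() {
    dir="$1"
    cat > "$dir/50-key-only.conf" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF
}

# Stage both fragments under $1 (e.g. a temp dir for review, or /etc for real).
stage_fragments() {
    base="$1"
    mkdir -p "$base/sudoers.d" "$base/sshd_config.d"
    write_sudoers_fragment "$base/sudoers.d"
    write_sshd_fragment "$base/sshd_config.d"
}

# Return 0 if sshd config file $1 disables password logins and root SSH login.
# In sshd_config the first occurrence of a directive wins for the main file, but
# the usual pitfall is a later drop-in re-enabling it, so this checker is
# deliberately strict: it takes the LAST value it sees for each directive.
# Commented-out lines ("#PasswordAuthentication yes") are ignored by design.
check_sshd_config() {
    f="$1"
    pw=$(awk 'tolower($1)=="passwordauthentication" {v=tolower($2)} END {print v}' "$f")
    kbd=$(awk 'tolower($1)=="kbdinteractiveauthentication" || tolower($1)=="challengeresponseauthentication" {v=tolower($2)} END {print v}' "$f")
    root=$(awk 'tolower($1)=="permitrootlogin" {v=tolower($2)} END {print v}' "$f")
    # Unset directives fall back to sshd defaults (passwords allowed), so an
    # empty value is treated as a failure rather than silently accepted.
    if [ "$pw" != "no" ]; then return 1; fi
    if [ "$kbd" != "no" ]; then return 1; fi
    if [ "$root" != "no" ] && [ "$root" != "prohibit-password" ]; then return 1; fi
    return 0
}

# Usage: sh maint-access.sh stage /path/to/staging-dir
if [ "${1:-}" = "stage" ]; then
    stage_fragments "${2:-./staging}"
    check_sshd_config "${2:-./staging}/sshd_config.d/50-key-only.conf" \
        && echo "sshd fragment OK: password logins disabled"
fi
```

Review the staged files, copy them into `/etc`, run `visudo -c -f` on the sudoers fragment and `sshd -t` before restarting sshd, and keep a second SSH session open while you do it. Ryaner's command-logging suggestion falls out of this design for free: every `sudo` invocation by the maintenance account is already recorded by sudo via syslog, so the interesting audit trail is just the sudo log entries for that user.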
